Identification and risk evaluation

ABSTRACT

Methods, systems, and machine-readable media are disclosed for identification of an individual and evaluation of risk from doing business with that individual. In one embodiment a method of evaluating a risk from conducting business with an individual comprises receiving identity information related to the individual. The identity information includes information from an identity credential presented by the individual. The identity credential is validated based on the information from the identity credential and one or more positive databases. An identity of the individual is verified based on the identity information and the one or more positive databases. The identity information is screened against one or more negative databases indicating past losses to one or more entities. Results of the screening are reported based on one or more criteria of an entity considering doing business with the individual.

CROSS-REFERENCES TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.11/159,813, filed Jun. 22, 2005, entitled “IDENTIFICATION AND RISKEVALUATION,” which disclosure is incorporated herein by reference.

BACKGROUND OF THE INVENTION

Customers of various businesses, such as retail merchants, governmententities or financial institutions, are often required to present anidentification to complete a transaction. For example, financialinstitutions usually require customers to present an identification tocomplete a withdrawal or deposit transaction, cash a check, or open anew account. Unfortunately, a number of advances have been made incounterfeiting technology which make it increasingly difficult for thenaked eye to distinguish legally issued identification documents fromfraudulent identification documents.

Since enactment of the USA Patriot Act, identity verification has becomeeven more important to financial institutions and other types ofbusinesses. Under Section 326 of the Act, financial institutions mustinstitute a Customer Identification Program (CIP) that containsreasonable risk-based procedures to collect identifying informationabout customers opening an account, verify that customers are who theysay they are to the extent reasonable and practicable, maintain recordsof customer information and methods used to verify their identity, anddetermine whether the customer appears on any list of suspectedterrorists or terrorist organizations.

Additionally, with the rise of identity theft and other forms of fraud,financial institutions and other businesses seek new ways to evaluatethe risk of doing business with a particular individual or other entity.That is, before initiating a transaction with a particular individual orentity, businesses want to know whether that individual or entitypresents a risk of losses due to fraud, account abuse, or other reasons.Further, if an individual or entity presents some risk, the businesseswant to know how much risk and what kind of risk so that they canevaluate whether they want to do business with this entity and, if theydo decide to do business, what kind of services and/or transactions theywant to offer.

BRIEF SUMMARY OF THE INVENTION

Methods, systems, and machine-readable media are disclosed foridentification of an individual or other entity and evaluation of riskfrom doing business with that individual or entity. In one embodiment, amethod of evaluating a risk from conducting business with an individualcomprises receiving identity information related to the individual. Theidentity information can include information from an identity credentialpresented by the individual. The identity credential can be validatedbased on the information from the identity credential and one or morepositive databases. An identity of the individual can be verified basedon the identity information and the one or more positive databases. Theidentity information can be screened against one or more negativedatabases indicating past losses to one or more entities. Results of thescreening can be reported based on one or more criteria of an entityconsidering doing business with the individual.

According to one embodiment, screening can further comprise generating ascore for one or more past losses associated with the individual inresponse to finding the identity information for the individual in theone or more negative databases. The score can be based on one or morecriteria of the entity considering doing business with the individual.Reporting results of the screening can comprise reporting the score in aformat selected by the entity considering doing business with theindividual.

The information indicating past losses to one or more entities in thenegative databases can be submitted to the negative databases by the oneor more entities incurring the past losses. According to one embodiment,a fee can be credited to the one or more entities submitting theinformation indicating past losses. The information can indicate pastlosses due to fraud by the individual, account abuse by the individual,or losses due to the individual being a victim of identity theft. Insome cases, the information indicating past losses can separatelyindicate losses of fee revenue and losses of principal.

According to another embodiment, the method comprises receiving identityinformation related to an individual. The identity information caninclude information from an identity credential presented by theindividual. A validity rating can be generated for the identitycredential based on the information from the identity credential and oneor more positive databases. A verification rating can be generated foran identity of the individual based on the identity information and theone or more positive databases. A risk rating can be generated for theindividual based on the identity information, one or more negativedatabases indicating past losses to one or more entities, and riskcriteria provided by an entity considering doing business with theindividual. The risk rating for the individual can be reported based onone or more report criteria of the entity considering doing businesswith the individual.

The information indicating past losses to one or more entities in thenegative databases can be submitted to the negative databases by the oneor more entities incurring the past losses. A fee can be credited to theone or more entities submitting the information indicating past losses.The information can indicate past losses due to fraud by the individual,past losses due to account abuse by the individual, or past losses dueto the individual being a victim of identity theft. In some cases, theinformation indicating past losses can separately indicate losses of feerevenue and losses of principal.

According to yet another embodiment, a system for identification andrisk evaluation comprises a processor and a memory communicativelyconnected with and readable by the processor. The memory containsinstructions which, when executed by the processor, cause the system toreceive identity information related to an individual. The identityinformation includes information from an identity credential presentedby the individual. The identity credential is validated based on theinformation from the identity credential and one or more positivedatabases. An identity of the individual is verified based on theidentity information and the one or more positive databases. Theidentity information is screened against one or more negative databasesindicating past losses to one or more entities. Results of the screeningare reported based on one or more criteria of an entity consideringdoing business with the individual.

According to one embodiment, screening can further comprise generating ascore for one or more past losses associated with the individual inresponse to finding the identity information for the individual in theone or more negative databases. The score can be based on one or morecriteria of the entity considering doing business with the individual.Reporting results of the screening can comprise reporting the score in aformat selected by the entity considering doing business with theindividual.

The information indicating past losses to one or more entities in thenegative databases can be submitted to the negative databases by the oneor more entities incurring the past losses. A fee can be credited to theone or more entities submitting the information indicating past losses.The information can indicate past losses due to fraud by the individual,account abuse by the individual, or losses due to the individual being avictim of identity theft. In some cases, the information indicating pastlosses can separately indicate losses of fee revenue and losses ofprincipal.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram conceptually illustrating an exemplaryenvironment in which a trusted custodian system may be implemented;

FIG. 2 is a block diagram illustrating an exemplary computer system uponwhich various elements of the exemplary environment illustrated in FIG.1 may be implemented;

FIG. 3 is a block diagram illustrating functional components of acustodian system according to one embodiment;

FIG. 4 is a block diagram illustrating exemplary databases that may beused in a custodian system according to one embodiment;

FIG. 5 is a flowchart illustrating, at a high level, positiveidentification and risk evaluation according to one embodiment; and

FIG. 6 is a flowchart illustrating additional details of risk evaluationaccording to one embodiment.

DETAILED DESCRIPTION OF THE INVENTION

In the following description, for the purposes of explanation, numerousspecific details are set forth in order to provide a thoroughunderstanding of various embodiments of the present invention. It willbe apparent, however, to one skilled in the art that embodiments of thepresent invention may be practiced without some of these specificdetails. In other instances, well-known structures and devices are shownin block diagram form.

FIG. 1 conceptually illustrates an exemplary environment in which atrusted custodian system may be implemented. As illustrated here, thisenvironment 100 includes a custodian system 105, a number ofcontributors 110-130, and a requestor, in this case, requestingfinancial institution 135. As used herein, the term requestor can referto a financial institution, such as requesting financial institution135, or other entity which is seeking to identify and evaluate anindividual or entity it is considering doing business with. The termcontributor can refer to an entity that contributes information to thecustodian system 105 to help identify and evaluate an individual orentity a requestor is considering doing business with. As will be seen,any given entity connected with the custodian system 105 can act aseither a contributor or a requestor at any given time. The contributors110-130 and requesting financial institution 135 may be communicativelyconnected with the custodian system 105 in a variety of ways including,but not limited to, a wire or wireless Local Area Network (LAN), WideArea Network (WAN), the Internet, or other common communications media.

Generally speaking, custodian system 105 maintains a number of databasesthat it uses to rate or score an individual seeking to do business witha particular financial institution such as requesting financialinstitution 135 or other type of entity connected with custodian system105. As will be seen, custodian system 105 can accept identityinformation 150 from the requesting financial institution 135 or othersource. The identity information 150 can relate to an individual seekingto do business with the requesting financial institution 135 such aswhen opening an account, seeking a loan, etc. As will be discussed indetail below, this information can include a variety of informationuseful in identifying the individual to which it relates. The custodiansystem 105 checks this information against its databases and rates orscores the individual for whom the identity information 150 has beensubmitted. The rating or score can be based on a number of criteriasubmitted by the requesting financial institution 135 and used togenerate a customized response 155 indicating a level of risk associatedwith doing business with the individual. According to one embodiment,this customized response 155 can comprise an overall score or rating forthe entity represented by the identity information 150 and may be basedon a number of rating criteria previously submitted to the custodiansystem 105 by the requesting financial institution 135.

Contributors 110-130 can comprise a variety of different entities andentity types. In many cases, the contributors can be a number ofdifferent financial institutions such as banks, credit card companies,lenders, and other entities offering financial services. Typically,contributing financial institutions 110-120 can contribute data used tobuild and maintain databases used by the custodian system 105 to makedeterminations on or score various individuals with which thecontributing financial institutions 110-120 have done business. Forexample, one financial institution 115 may have information about anindividual that it has dealt with in the past. That information may beparticularly useful to another institution when the same individualattempts to open a new account at the other institution. Subject tooperating rules implemented by the custodian system to maintain thequality of the information, such information can be submitted to thecustodian system 105 for possible use by a requesting financialinstitution 135.

For example, contributing financial institution 115 may, in the normalcourse of business, detect a loss associated with a particularindividual (i.e., John Doe). While investigating this loss, thefinancial institution 115 may detect certain patterns of transactions byMr. Doe that are typically associated with fraudulent behavior.Knowledge of this activity may be particularly useful to requestingfinancial institution 135 if Mr. Doe is attempting to open an account orconduct business with requesting financial institution 135. Therefore,contributing financial institution 115 can submit loss information 145related to Mr. Doe's activity to custodian system 105 to be stored inthe databases of custodian system 105 for use in scoring or ranking Mr.Doe when identity information 150 related to Mr. Doe is submitted byrequesting financial institution 135, i.e., when Mr. Doe tries to dobusiness with requesting financial institution 135. Therefore, thecustodian system 105 can discover, and requesting financial institution135 can learn, that Mr. Doe may present some risk of loss. In return,contributing financial institution 115 may receive fees 140 from thecustodian 105 when the contributed loss information 145 is used by therequesting financial institution 135. That is, the operator of thecustodian system 105 may charge requesting financial institution 135 afee for use of its services. Whenever information submitted by acontributor is used by a requestor, the custodian may share a portion ofthe fees collected from the requestor with the contributor to encouragesubmission of the information.

Other contributors may include governmental entities 125 as well asprivate entities 130 other than financial institutions. For example,governmental entity contributor 125 may represent the Social SecurityAdministration that may be used as a source of information regardingcurrent, active Social Security numbers useful in determining whether aSocial Security number submitted as part of identity information 150 byrequesting financial institution 135 is valid and/or corresponds toother information about the individual. In another example, governmentalentity contributor 125 may represent a Department of Motor Vehicles thatcan provide information that may be useful in determining whether adriver's license number or other information submitted as part ofidentity information 150 by requesting financial institution 135 isvalid and/or corresponds to other information about the individual.Private entity contributor 130 may represent any of a number of free orpay services offering information that may be useful to the custodiansystem 105 in identifying and/or evaluating an entity related toidentity information 150 submitted by a requestor. For example, privateentity contributor 130 may represent an online search engine ordirectory or database of various records or information. Importantly,while only one governmental entity contributor 125 and one privateentity contributor 130 are shown in this example, any number ofcontributors of various types may be present in practice.

A requestor, such as requesting financial institution 135, can compriseany one or more of a variety of different types of entities. Forexample, the requesting financial institution 135 may be a bank, creditcard company, other lender, or other entity offering financial services.In other cases, the requestor may not be a financial institution but maybe another type of entity such as a merchant or other type of business.

In many cases, a financial institution will require an individual topresent identification to verify the individual's identity in order tocomplete a transaction or otherwise conduct business. Therefore,requesting financial institution 135 or other requestor may use readerdevices to read encoded data on identification credentials such asdriver's licenses. For example, reader devices may be magnetic cardreaders, two-dimensional bar code readers, smart chip readers, or othertype of reader device used to read data encoded on identifications.Alternatively, the requesting financial institution 135 or otherrequestor may obtain identification information from the individual inother ways. For example, the requestor may manually read a driver'slicense number, social security number, and/or other identificationinformation supplied by the individual through an identity credentiallike a passport, drivers license, military ID, etc.

In summary, the custodian system 105 can gather information from anumber of contributors 110-130 and can use this information to build andmaintain a number of databases. As will be seen, these databases caninclude a variety of positive as well as negative information. Forexample, positive information contributed by a governmental entity suchas the Social Security Administration of the Department of MotorVehicles of a particular state can be useful in validating a credentialpresented by an individual opening an account and/or verifying theidentity of that individual. That is, such information can be used todetermine whether the credential presented is real or valid and whetherthe credential actually belongs to the individual using it. Negativeinformation contributed by various financial institutions may be usefulin determining whether the individual is credit worthy or is otherwisedesirable to do business with. For example, information contributed byone financial institution may indicate a past history of lossesassociated with a particular individual. Further, such information is,from time to time, updated by the custodian and the contributors. Forexample, a record of a loss associated with an individual and submittedby contributing financial institution 115 may be updated when theindividual takes corrective action, such as paying an overdraft, toremedy the loss. In such a case, the custodian system 105 may retain theoriginal record of the loss but update it to indicate that correctiveaction was taken. Also, it should be understood that, from time to time,a given financial institution or other entity may act as either acontributor or a requestor. That is, a particular entity mayperiodically submit information to the custodian for use in one or moreof its databases and then, at other times, request rating or scoring ofan individual seeking to do business with that entity.

When requesting financial institution 135 initiates or conducts businesswith an individual, it can obtain identity information from thatindividual and send it to the custodian. The custodian system receivesthe identity information related to the individual. The identityinformation typically includes information from an identity credentialsuch as a driver's license presented by the individual. The custodiansystem validates the identity credential based on the information fromthe identity credential and one or more positive databases. Thecustodian system then verifies the identity of the individual based onthe identity information and the one or more positive databases andscreens the identity information against one or more negative databasesindicating past losses to one or more entities. In some cases, such aswhen reading information from a magnetic strip on a driver's license,verification may also include algorithms for decoding informationcontained therein and/or verifying the format of such data. Thecustodian system then reports results of said screening based on one ormore criteria of an entity considering doing business with theindividual. Additional details of the custodian system and the functionperformed therein will be discussed below with reference to FIGS. 3-6.

FIG. 2 is a block diagram illustrating an exemplary computer system uponwhich various elements of the exemplary environment illustrated in FIG.1 may be implemented. The computer system 200 is shown comprisinghardware elements that may be electrically coupled via a bus 255. Thehardware elements may include one or more central processing units(CPUs) 205; one or more input devices 210 (e.g., a scan device, a mouse,a keyboard, etc.); and one or more output devices 215 (e.g., a displaydevice, a printer, etc.). The computer system 200 may also include oneor more storage device 220. By way of example, storage device(s) 220 maybe disk drives, optical storage devices, solid-state storage device suchas a random access memory (“RAM”) and/or a read-only memory (“ROM”),which can be programmable, flash-updateable and/or the like.

The computer system 200 may additionally include a computer-readablestorage media reader 225; a communications system 230 (e.g., a modem, anetwork card (wireless or wired), an infra-red communication device,etc.); and working memory 240, which may include RAM and ROM devices asdescribed above communicatively coupled with and readable by CPU(s) 205.In some embodiments, the computer system 200 may also include aprocessing acceleration unit 235, which can include a DSP, aspecial-purpose processor and/or the like.

The computer-readable storage media reader 225 can further be connectedto a computer-readable storage medium, together (and, optionally, incombination with storage device(s) 220) comprehensively representingremote, local, fixed, and/or removable storage devices plus storagemedia for temporarily and/or more permanently containingcomputer-readable information. The communications system 230 may permitdata to be exchanged with a network and/or any other computer or othertype of device.

The computer system 200 may also comprise software elements, shown asbeing currently located within a working memory 240, including anoperating system 245 and/or other code 250, such as an applicationprogram. The application programs may implement the methods of theinvention as described herein. It should be appreciated that alternateembodiments of a computer system 200 may have numerous variations fromthat described above. For example, customized hardware might also beused and/or particular elements might be implemented in hardware,software (including portable software, such as applets), or both.Further, connection to other computing devices such as networkinput/output devices may be employed.

FIG. 3 is a block diagram illustrating functional components of acustodian system according to one embodiment. This example illustratesthe contributors 110-130, custodian system 105 and requesting financialinstitution 135 as discussed above. The custodian system 105 includes adatabase management system 305, a number of positive databases 315,negative databases 320, and business logic databases 325, and a numberof processes or operational modules 330-345.

Loss information 145 submitted by contributors 110-130 to custodiansystem 105 can be used by database management system 305 to build andmaintain a number of positive databases 315, negative databases 320, andbusiness logic databases 325. Positive databases 315 can containinformation useful to identify and/or verify an entity related toidentity information 150 submitted by requesting financial institution135. Negative databases 320 can include information useful inidentifying fraud, account abuse, or other losses associated with aparticular individual or entity. Business logic databases can includeinformation or criteria related to how a particular requestor may wishto score or rate particular behaviors or information associated with anindividual and how the requestor wants to have that informationreported. Some exemplary databases, the data they may contain, and howthey may be used will be discussed in greater detail below withreference to FIG. 4.

Processes or operational modules performed or operated by custodiansystem 105 include credential validation 330, identity verification 335,screening 340, and customizable business logic 345. In operation, whenthe custodian system 105 receives identity information 150 fromrequesting financial institution 135, these processes are performed tovalidate and verify the identity information and to rate or score theentity represented by this information so that the requestor candetermine the risk or value in doing business with that entity.

Therefore, when a requesting financial institution 135 first encountersan entity with which they may do business, the requesting financialinstitution 135 obtains some identity information from that entity. Forexample, the requesting financial institution 135 may swipe or read adriver's license of the individual, request a social security number,require a home address and phone number, etc. Requesting financialinstitution 135 then sends this identity information 150 to thecustodian for evaluation.

The custodian system 105 receives the identity information 150 from therequesting financial institution 135 and performs credential validation230 and identity verification 335 using information from positivedatabases 315 generated and maintained by database management system 305with data from contributors 110-130 or generated or obtained by thecustodian system by other means. Credential validation 330 determineswhether the credentials used by the individual to provide the identityinformation 150 are valid, i.e., not forged, altered, expired, etc.while identity verification 335 determines whether the identityinformation 150 actually belongs to the individual presenting it, i.e.,whether the individual presenting the credential is who he claims to be.Details of exemplary credential validation 330 and identity verification335 processes are disclosed in U.S. patent application Ser. No.11/031,469 entitled “Identity Verification Systems and Methods,” filedon Jan. 6, 2005, the details of which are herein incorporated byreference.

The identity information 150 submitted to the custodian system 105 byrequesting financial institution 135 can then be screened 340 againstone or more negative databases. As outlined above, the negativedatabases 320 can comprise loss information 145 related to fraud,account abuses, or other losses submitted by one or more contributors110-130. For example, contributing financial institution 115 may havesubmitted loss information 145 related to a loss it incurred whendealing with Mr. John Doe. This loss information 145 can be added to andmaintained in the one or more negative databases 320 by databasemanagement system 305 and searched against by screening process oroperational module 340. Therefore, the loss suffered by contributingfinancial institution 115 can be discovered and used to score or rateMr. Doe when his identity information 150 is submitted by requestingfinancial institution 135.

As mentioned above, the custodian system may share fees with thecontributing financial institution 115 that supplied the lossinformation 145 used by the requesting financial institution 135. Thatis, the contributing financial institution can be paid when theinformation it supplies adds value to the negative databases and isuseful to a requesting financial institution. In this case, thescreening process of the custodian system may update the business logicdatabases 325 or take another action to track and/or credit these to thecontributing financial institution 115.

As will be discussed in greater detail below, screening 340 can becustomized by the requestor. Since not all losses suffered bycontributors may be considered relevant to the requesting financialinstitution 135, information previously submitted to the custodiansystem 105 by the requesting financial institution 135 and stored bydatabase management system 305 in one or more business logic databases325 can be used by screening process 340 to determine which negativeinformation may be relevant to the requesting financial institution 135.For example, one particular financial institution may be extremelyconservative and may want to learn about any loss associated with anindividual at any time by any contributor. Another requestor may besomewhat less conservative and may have different criteria for searchingthe negative databases. Such a requestor may want to search only forlosses of greater than some predefined dollar amount. Yet anotherrequestor may be interested only in losses of more than a certain dollaramount and only those occurring within a certain time period such as thepast year or two years.

Results of credential validation 330, identity verification 335, andscreening 340 can then be aggregated and/or summarized by customizablebusiness logic 345 using information previously submitted to thecustodian system 105 by the requesting financial institution 135 andstored by database management system 305 in one or more business logicdatabases 325 to provide a customized response 155 to the requestingfinancial institution 135. Such information can be submitted to thecustodian system 105 online via any of a variety of communication means,by written request, etc. This information may also be configurable bythe requestor on an ongoing and/or periodic basis. Therefore, therequestor can change screening criteria as business practices andrequirements change.

For example, responses can, according to one embodiment, be given in theform of various messages indicating the level of confidence therequestor can have in doing business with the individual. The messagesmay be text based, numeric, graphical or another format. The rating orscore of an individual, as a result of the credential validation,identity verification, and screening processes, can be used to determinewhat level of indication or type of message to give. As such, variousrequestors may indicate a different score to trigger each level. Thatis, one requestor may request a cautionary or warning message at ahigher or lower score than another requestor. Various other types ofresponses may also be given. For example, a raw score, as the result ofthe credential validation, identity verification, and screeningprocesses may be given to the requestor rather than messages. In anotherexample, the response may be a rating on a numeric scale such as 1 to 5,or 1 to 10, etc. According to one embodiment, the type of response mayvary depending upon the requestor and the information for that requestorin the business logic database. Therefore, the requestor can customizewhat data they see and how it is presented. As with the screeningcriteria, reporting criteria can be submitted to the custodian system105 online via any of a variety of communication means, by writtenrequest, etc. This information may also be configurable by the requestoron an ongoing and/or periodic basis. Therefore, the requestor can changescreening criteria as business practices and requirements change.

FIG. 4 is a block diagram illustrating exemplary databases that may beused in a custodian system according to one embodiment. As discussedabove, the custodian system 105 receives the identity information 150from the requesting financial institution 135 and performs credentialvalidation 230 and identity verification 335 using information frompositive databases 315 generated and maintained by database managementsystem 305 with data from contributors 110-130 or generated or obtainedby the custodian system by other means. Credential validation 330determines whether the credentials used by the individual to provide theidentity information 150 are valid while identity verification 335determines whether the identity information 150 actually belongs to theindividual presenting it.

Generally speaking, credential validation 330 can comprise determiningwhether the credential presented to the requesting financial institution135 is valid, i.e., not forged, altered, expired, etc. Thisdetermination can be based on information in one or more positivedatabases 315 relating to the format and/or content of the identityinformation 150. In some cases, such as when reading information from amagnetic strip on a driver's license, verification may also includealgorithms for decoding information contained therein and/or verifyingthe format of such data.

For example, positive databases 315 may include driver's license formatinformation 405 and Social Security Format information 410. Driver'slicense format information 405 may be information related to the correctformat and/or content of information scanned or read from a driver'slicense. Such information may be contributed by or obtained from theDepartment of Motor Vehicles of various states. Such information may beused to determine, for example, whether a driver's license numberscanned or read from a driver's license is in the correct format forthat state or whether the number matches the name on the license.Similarly, Social Security Format information 410 may be informationrelated to the correct format and/or content of a Social Security Numbersubmitted by an individual to the requesting financial institution. Suchinformation may be contributed by or obtained from the Social SecurityAdministration. Such information may be used to determine, for example,whether a submitted Social Security Number is in the correct format, isin the proper range for its issue date, is not that of a deceasedperson, etc.

While not indicated in FIG. 4, credential validation may, in some cases,use information from the business logic databases 325. For example, whena defect or mismatch is found in the identity credential, the defect ormismatch may be given a weighted score or ranking based on criteriastored in the business logic databases 325.

Identity verification 335 generally can comprise determining whether theindividual presenting the credential to requesting financial institution135 is who he claims to be. This determination can be based oninformation in one or more positive databases 315 relating to thecontent of the identity information 150.

For example, positive databases 315 may include a name and SocialSecurity database 415 relating a list of known social security numbersto names of the holder of that number. Positive databases 315 may alsoinclude a list of phone numbers 425 that can be checked to determinewhether a phone number submitted by an individual is active, whether itis a cell phone number, or other information relating to the number. Alist of phone numbers and related addresses 420 may also be used toverify whether the phone number and address given by an individualcorrespond to one another. This list of addresses and phone numbers 420or a separate list of addresses 430 can also be used to determinewhether an address given by an individual is a business address, homeaddress, temporary/transient address, etc.

While not indicated in FIG. 4, identity verification may, in some cases,use information from the business logic databases 325. For example, whena defect or mismatch is found in the identity information, the defect ormismatch may be given a weighted score or ranking based on criteriastored in the business logic databases 325.

The identity information 150 submitted to the custodian system 105 byrequesting financial institution 135 can then be screened 340 againstone or more negative databases. As outlined above, the negativedatabases 320 can comprise information 135 related to fraud, accountabuses, or other losses submitted by one or more contributors 110-130.For example, contributing financial institution 115 may have submittedinformation 135 related to a loss it incurred when dealing with Mr. JohnDoe. Subject to operating rules implemented by the custodian system tomaintain the quality of the information, this information 135 can beadded to and maintained in the one or more negative databases 320 bydatabase management system 305 and searched against by screeningprocessor or operational module 340. Therefore, the loss suffered bycontributing financial institution 115 can be discovered and used toscore or rate Mr. Doe when his identity information 150 is submitted byrequesting financial institution 135.

As shown here, negative databases 320 may include information from theOffice of Foreign Asset Control (OFAC) related to prohibited individualsand/or organizations. The Office of Foreign Assets Control maintains alist of Specially Designated Nationals and Blocked Entities (SDNs). Thislist represents individuals and entities that are owned, controlled by,or acting for or on behalf of the governments of the targeted countriesor are associated with international drug trade or terrorism. Financialinstitutions, securities firms, and insurance companies are prohibitedfrom dealing with SDNs, and obligated to block or “freeze” property andpayment of any funds transfers or transactions, and to report allblockings to OFAC.

Negative databases 320 may also include a list of known account abuses440 such as an excessive number of overdrafts or other activities thatmay not necessarily represent fraud but caused a loss to the financialinstitution anyway. The negative databases may also include a list ofclosed accounts 445 that can be searched to determine whether theindividual has had an account closed for cause. A list of known frauds450 may also be included and searched to determine whether a contributorhas provided information indicating a past fraud by the individual.

As will be discussed in greater detail below with reference to FIGS. 5and 6, screening 340 can be customized by the requestor. Since not alllosses suffered by contributors may be considered relevant to therequestor, information previously submitted to the custodian system 105by the requestor and stored by database management system 305 in one ormore business logic databases 325 can be used by screening process 340to determine which negative information may be relevant to therequestor. For example, one particular requestor may be extremelyconservative and may want to learn about any loss associated with anindividual at any time by any contributor. Another requestor may besomewhat less conservative and may have different criteria for searchingthe negative databases. Such a requestor may want to search only forlosses of greater than some predefined dollar amount. Yet anotherrequestor may be interested only in losses of more than a certain dollaramount and only those occurring within a certain time period such as thepast year or two years. Therefore, business logic databases may includescreening criteria 455 related to a particular requestor indicating arange of data to be searched, databases to be included or excluded,limits for determining matches, weights to be used in scoring or ratingmatches, etc.

Results of credential validation 330, identity verification 335, andscreening 340 can then be accumulated and/or summarized by customizablebusiness logic 345 using reporting criteria 460 previously submitted tothe custodian system 105 by the requestor and stored by databasemanagement system 305 in one or more business logic databases 325 toprovide a customized response 155 to the requestor. The type of responsemay vary depending upon the requestor and the reporting criteria 460 forthat requestor in the business logic database 325. As mentioned above,responses can, according to one embodiment, be given in the form ofvarious flags such as a green flag, yellow flag, or red flag indicatingthe level of confidence the requestor can have in doing business withthe individual. The rating or score of an individual, as a result of thecredential validation, identity verification, and screening processes,can be used to determine what level of indication to give. As such,various requestors may indicate a different score to trigger each level.That is, one requestor may request a yellow flag or a red flag at ahigher of lower score than another requestor. Various other types ofresponses may also be given. For example, a raw score, as the result ofthe credential validation, identity verification, and screeningprocesses may be given to the requestor rather than flags. In anotherexample, the response may be a rating on a numeric scale such as 1 to 5,or 1 to 10, etc. In some cases, a detailed message in the form of anHyperText Markup Language (HTML), eXtensible Markup Language (XML), orother document may be sent to the requestor. Such a document may includedetailed results of the credential validation 330, identity verification335, and screening 340 processes and indicate results including but notlimited to the identity of the contributor(s), the amount of theloss(es), the date(s) the loss(es) occurred, etc.

FIG. 5 is a flowchart illustrating, at a high level, positiveidentification and risk evaluation according to one embodiment.According to this example, evaluating a risk from conducting businesswith an individual comprises the custodian system receiving 500 identityinformation related to the individual from, for example, a requestingfinancial institution or other requestor. As discussed above, theidentity information includes information from an identity credentialpresented by the individual such as a driver's license number scanned orread from a driver's license, a social security number provided by theindividual, etc.

The custodian system determines 505 whether the identity credential isvalid based on the information from the identity credential and one ormore positive databases. For example, a driver's license number can bescreened against information related to correct and/or valid numbers. Ifthe credential is determined 505 to be defective, i.e., not valid, ascore or rating can be generated 510 by the custodian system. In somecases, the score or rating may also be based, in part, on criteria fromthe requestor such as a weight to be applied to such a defect.Alternatively, the custodian system can generate a rating for theidentity credential even if valid. That is, rather than scoring orrating only defects, the rating may be generated for all credentialswith, for example, a high rating for a valid credential and a low ratingfor invalid credentials. In yet another alternative, a defectivecredential may not be scored at all. Rather, the process may end and awarning given to the requestor. The manner in which a defectivecredential is handled may depend, in part or in whole, on informationsubmitted by the requestor and stored in the business logic databases ofthe custodian as discussed above.

The custodian system determines 505 whether the identity of the entityis verified based on the identity information from the requestor and oneor more positive databases. For example, the name, phone number,address, Social Security Number, etc. supplied in the identityinformation can be checked against the positive databases as describedabove. If the identity information is determined 515 to be not verified,i.e., not matching, a score or rating can be generated 510 by thecustodian system. In some cases, the score or rating may also be based,in part, on criteria from the requestor such as a weight to be appliedto such a mismatch. Alternatively, the custodian system can generate arating for the identity information even if verified. That is, ratherthan scoring or rating only mismatches, the rating may be generated forall identity information with, for example, a high rating for a verifiedinformation and a low rating for unverified information. In yet anotheralternative, unverified information may not be scored at all. Rather,the process may end and a warning given to the requestor. The manner inwhich identity information is handled may depend, in part or in whole,on information submitted by the requestor and stored in the businesslogic databases of the custodian as discussed above.

The identity information is screened against one or more negativedatabases indicating past losses to one or more entities. That is, thecustodian determines 525 whether loss information related to theindividual is found in the negative databases. If 525 loss informationis found in the negative databases related to the individual, the losscan be scored or rated 530 based on the loss information and thecriteria of the requestor. In other words, the custodian system cangenerate a risk rating for the individual based on the identityinformation, one or more negative databases indicating past losses toone or more entities, and risk criteria provided by an entityconsidering doing business with the individual.

As discussed above, the information indicating past losses to one ormore entities in the negative databases can be submitted to the negativedatabases by the one or more entities incurring the past losses.Further, a fee can be credited 535 to the one or more entitiessubmitting the information indicating past losses. That is, thecontributing financial institution can be paid when the information itsupplies adds value to the negative databases and is useful to arequesting financial institution.

The custodian system reports 540 results of said screening based on oneor more criteria of an entity considering doing business with theindividual. Reporting 540 the risk rating for the individual can bebased on one or more report criteria of the entity considering doingbusiness with the individual. Report of the results can comprisereporting the score in a format selected by the entity considering doingbusiness with the individual. For example, the custodian system mayreport a flag, a rating or score, a detailed message, etc. based on thereporting criteria supplied by the requestor as discussed above.

According to one embodiment, risk evaluation, i.e., screening againstthe negative databases for losses associated with the entity for whomthe requestor has submitted identity information, may screen for avariety of different types of losses, with each type being handledaccording to the requestor's criteria for that type of loss. FIG. 6 is aflowchart illustrating additional details of risk evaluation accordingto one embodiment. In this example, the custodian system determines 605whether loss information in the negative databases is associated withthe entity for which identity information has been received from therequestor. If 605 the loss is associated with this entity, adetermination 610 is made as to whether the loss is within therequestor's criteria. That is, the requestor may not be interested inall losses as indicated by previously submitted screening criteria.Therefore, this criteria is checked to determine 610 whether therequestor may be interested in knowing of this loss.

If 610 the loss is within the requestor's criteria, the custodian systemdetermines 615 whether the information indicates past losses due tofraud by the individual. If 615 the information indicates past lossesdue to fraud by the individual, the fraud can be scored 620 or ratedbased on the requestor's criteria.

If 615 the loss is not due to fraud by the individual, the custodiansystem determines 625 whether the information indicates past losses dueto account abuse by the individual. If 625 the information indicatespast losses due to account abuse by the individual, the abuse can bescored 630 or rated based on the requestor's criteria.

If 625 the loss is not due to account abuse by the individual, thecustodian system determines 635 whether the information indicates pastlosses due to the individual being a victim of identity theft. If 635the information indicates past losses due to the individual being avictim of identity theft, the loss can be flagged or scored 640 or ratedbased on the requestor's criteria.

If 635 the loss is not due to the individual being a victim of identitytheft, the custodian system determines 645 whether the informationindicates the past losses are fee losses only or include principallosses. If 645 the information indicates past loss of fees only, theloss can be scored 640 or rated based on the requestor's criteria.Similarly, if the loss includes principal, the loss can be scored orrated based on the requestor's criteria for such losses.

In the foregoing description, for the purposes of illustration, methodswere described in a particular order. It should be appreciated that inalternate embodiments, the methods may be performed in a different orderthan that described. Additionally, the methods may contain additional orfewer steps than described above. It should also be appreciated that themethods described above may be performed by hardware components or maybe embodied in sequences of machine-executable instructions, which maybe used to cause a machine, such as a general-purpose or special-purposeprocessor or logic circuits programmed with the instructions, to performthe methods. These machine-executable instructions may be stored on oneor more machine readable mediums, such as CD-ROMs or other type ofoptical disks, floppy diskettes, ROMs, RAMs, EPROMs, EEPROMs, magneticor optical cards, flash memory, or other types of machine-readablemediums suitable for storing electronic instructions. Alternatively, themethods may be performed by a combination of hardware and software.

While illustrative and presently preferred embodiments of the inventionhave been described in detail herein, it is to be understood that theinventive concepts may be otherwise variously embodied and employed, andthat the appended claims are intended to be construed to include suchvariations, except as limited by the prior art.

1. (canceled)
 2. A method of evaluating a risk from conducting businesswith an individual, the method comprising: receiving, at a processor ofa custodian system, identity information related to the individual, theidentity information including information from an identity credentialpresented by the individual; validating, with the processor of thecustodian system, the identity credential based on the information fromthe identity credential and a plurality of positive databases maintainedby the custodian system; verifying, with the processor of the custodiansystem, an identity of the individual based on the identity informationand the plurality of positive databases; screening, with the processorof the custodian system, the individual against a plurality of negativedatabases maintained by the custodian system based on the identityinformation for entries related to the individual and indicating pasttransactions with one or more entities, and wherein screening is furtherbased on one or more screening criteria maintained by the custodiansystem and provided to the custodian system by an entity consideringdoing business with the individual; generating, with the processor ofthe custodian system, a score based on the validation of the identitycredential, the verification of the identity of the individual, and thescreening of the individual, wherein the score represents an amount ofrisk posed by the individual to the entity considering doing businesswith the individual; and reporting, from the processor of the custodiansystem, a response based on the generated score to the entityconsidering doing business with the individual.
 3. The method of claim2, wherein the response is further based on reporting criteriamaintained by the custodian system and provided to the custodian systemby the entity considering doing business with the individual.
 4. Themethod of claim 3, wherein reporting a response comprises reporting thegenerated score in a format selected by the entity considering doingbusiness with the individual.
 5. The method of claim 2 whereininformation indicating past financial losses to one or more entities inthe negative databases is submitted to the custodian system by the oneor more entities incurring the past financial losses.
 6. The method ofclaim 5, further comprising crediting a fee to the one or more entitiessubmitting the information indicating past financial losses
 7. Themethod of claim 5, wherein the information indicating past financiallosses indicates financial losses due to fraud by the individual.
 8. Themethod of claim 5, wherein the information indicating past financiallosses indicates financial losses due to account abuse by theindividual.
 9. The method of claim 5, wherein the information indicatingpast financial losses indicates financial losses due to the individualbeing a victim of identity theft.
 10. The method of claim 2, wherein theinformation indicating past financial losses separately indicatesfinancial losses of fee revenue.
 11. A method comprising: receiving, ata processor of a custodian system, identity information related to anindividual the identity information including information from anidentity credential presented by the individual; generating, with theprocessor of the custodian system, a validity rating for the identitycredential based on the information from the identity credential and oneor more positive databases maintained by the processor of the custodiansystem; generating, with the processor of the custodian system, averification rating for an identity of the individual based on theidentity information and the one or more positive databases; generating,with the processor of the custodian system, a risk rating for theindividual based on the identity information, one or more negativedatabases maintained by the custodian system indicating past financiallosses to one or more entities related to the individual, and riskcriteria provided by an entity considering doing business with theindividual; generating, with the processor of the custodian system, ascore based on the validity rating, the verification rating, and therisk rating, wherein the score represents an amount of risk posted bythe individual to the entity considering doing business with theindividual; and reporting, from the processor of the custodian system, aresult to the entity considering doing business with the individual, theresult based on the generated score.
 12. The method of claim 11, whereininformation indicating past financial losses to one or more entities inthe negative databases is submitted to the custodian system by the oneor more entities incurring the past financial losses.
 13. The method ofclaim 12, further comprising crediting a fee to the one or more entitiessubmitting the information indicating past financial losses.
 14. Themethod of claim 12, wherein the information indicating past financiallosses indicates financial losses due to fraud by the individual. 15.The method of claim 12, wherein the information indicating pastfinancial losses indicates financial losses due to account abuse by theindividual.
 16. The method of claim 12, wherein the informationindicating past financial losses indicates financial losses due to theindividual being a victim of identity theft.
 17. The method of claim 11,wherein the information indicating past financial losses separatelyindicates financial losses of fee revenue.
 18. A system comprising: aprocessor; and a memory communicatively connected with and readable bythe processor and containing instructions which, when executed by theprocessor, cause the system to: receive identity information related toan individual the identity information including information from anidentity credential presented by the individual; validate the identitycredential based on the information from the identity credential and aplurality of positive databases maintained by the system; verify anidentity of the individual based on the identity information and theplurality of positive databases; screen the individual against aplurality of negative databases maintained by the custodian system basedon the identity information for entries related to the individual andindicating past financial losses to one or more entities, and whereinscreening is further based on one or more screening criteria maintainedby the custodian system and provided to the custodian system by anentity considering doing business with the individual; generate, withthe processor of the custodian system, a score based on the validationof the identify credential, the verification of the identity of theindividual, and the screening of the individual, wherein the sorerepresents an amount of risk posed by the individual to the entityconsidering doing business with the individual; and report results tothe entity considering doing business with the individual based on thegenerated score.
 19. The method of claim 18, wherein the reportedresults are further based on reporting criteria maintained by thecustodian system and provided to the custodian system by the entityconsidering doing business with the individual.
 20. The system of claim18, wherein the reported results comprise the generated score in aformat selected by the entity considering doing business with theindividual.
 21. The system of claim 18, wherein information indicatingpast financial losses to one or more entities in the negative databasesis submitted to the system by the one or more entities incurring thepast financial losses.
 22. The system of claim 21, further comprisingcrediting a fee to the one or more entities submitting the informationindicating past financial losses.
 23. The system of claim 21, whereinthe information indicating past financial losses indicates financiallosses due to fraud by the individual.
 24. The system of claim 21,wherein the information indicating past financial losses indicatesfinancial losses due to account abuse by the individual.
 25. The systemof claim 21, wherein the information indicating past financial lossesindicates financial losses due to the individual being a victim ofidentity theft.
 26. The system of claim 18, wherein the informationindicating past financial losses separately indicates financial lossesof fee revenue.